DataGrail Research Finds CCPA Compliance Starts at $200K

Privacy Headlines (and unsolicited COVID-19 emails) in March & April Likely Drove an Increase of CCPA Privacy Requests

SAN FRANCISCO, April 30, 2020 /PRNewswire/ — Today, DataGrail, a leading privacy management platform, released the results from its first ever State of CCPA report, a Look Back at Early Trends Shaping the Privacy Landscape. The research shows that organizations who plan on manually processing CCPA data subject requests (DSRs) or data subject access requests will spend between $140k$275k per million consumer records they have in their systems.

The California Consumer Protection Act (CCPA) went into effect on January 1, 2020, giving consumers the right to know the data collected about them, to delete data about them, and ensure their data is not sold to third-parties. DataGrail offers a platform that automates the process of fulfilling these requests, giving it unique insight into the number of requests processed by companies.  To that end, it analyzed the number of requests that went across its platform in Q1 2020 to understand how CCPA will impact organizations in the long-run. The early learnings from the first few months of CCPA should help businesses plan and predict the future of privacy regulation.

Highlights include:                          

  • Privacy headlines (and COVID-related emails) in March & April likely drove an increase of CCPA privacy requests.
  • B2C companies should prepare to process approximately 100 to 194 requests per million consumer records each year.
  • Processing CCPA privacy requests will likely cost B2C companies $140,000 to $275,000 per one million consumer records, if done manually.
  • January 2020 saw a surge of privacy requests, most likely due to the law going into effect and privacy policy updates.
  • Deletion requests were the most popular requests (40%) in Q1 2020, followed by DNS (33%), and access requests (27%).
  • Do Not Sell (DNS) requests will likely become the most dominant privacy request after analyzing early trending data.

Looking forward to the remainder of 2020, DataGrail expects the number of CCPA privacy requests to stabilize around the February and March numbers (8 requests per million consumer records). However, as privacy related issues make headlines or a company updates their privacy policy, organizations should expect a surge of requests. For example, in April, the number of requests has been trending higher, most likely due to the number of COVID-related emails sent, and headlines about the privacy of remote work and conferencing apps. In July and August we may see a surge once again as CCPA enforcement begins on July 1, 2020.

DNS requests will likely dominate, with deletion requests not far behind, which means companies should prepare for the complex task of reaching out to their network of processors and sub processors to successfully perform a hard delete.

New regulations cause a lot of uncertainty and anxiety – especially when they involve a lot of complexity and associated fines. Amidst this uncertainty and the daily changes in our macro environment due to COVID-19, our aim with this research is to establish a simple baseline for what to expect in the realm of data privacy.

You can download the entire State of CCPA Q1 2020 Report here.

About DataGrail
DataGrail helps companies comply effortlessly with existing and emerging privacy laws, such as GDPR and CCPA. With more than 200+ enterprise pre-built connectors currently in place, the DataGrail platform provides a 360-degree, real-time view of the applications used and maps the personal data associated with each of those systems. DataGrail also allows customers to manage their privacy request workflows and email preferences across applications. To learn more about DataGrail, please visit or follow DataGrail on Twitter and LinkedIn.


Cision View original content to download multimedia:

SOURCE DataGrail

Print Friendly, PDF & Email